Versions Compared

Old Version 28

changes.mady.by.user Kevin Kastning

Saved on

compared with

New Version 29

changes.mady.by.user Ray O'Meara

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 2.0.0

Table of Contents

Introduction

The Synopsys Detect for Azure DevOps plugin, formerly known as Black Duck Detect plugin for TFS/VSTS, is architected to seamlessly integrate Synopsys Detect with Azure DevOps build and release pipelines. 

...

For more information on Synopsys Detect, refer to Synopsys Detect.

Requirements

Before calling Synopsys Detect in TFS or Azure DevOps, an active instance of Black Duck Duck or Polaris (if running SAST) is required.  If you do not have Black Duck, refer to Black Duck on the Azure Marketplace for more information.

...

Info

This plugin is for Windows environments only, due to the PowerShell requirement.

Installing the Synopsys Detect for Azure DevOps plugin

Installation prerequisites

Before you install Synopsys Detect Extension for Azure DevOps, ensure that:

...

You can get the Synopsys Detect for Azure DevOps plugin at VisualStudio Marketplace.

Using the Synopsys Detect for Azure DevOps plugin

Use the following processes for your Synopsys Detect for Azure DevOps plugin.

Configuring a task

Use the following process to configure a task.  In the user interface, fields with a red asterisk ( * ) are required.  Some default values are provided for you, such as version.  Note that the following fields belong to Azure DevOps, and are not part of the Detect plugin:

...

  1. Navigate to Your Collection > Project > Pipelines > Tasks. The plugin adds a new task of Run Synopsys Detect for your build.  You must add this task to your build queue.  Click Run Synopsys Detect for your build, and the Synopsys Detect panel displays on the right. In the Synopsys Detect configuration panel, complete the following fields and options.
  2. Display name: Type a unique name in this field.  Note that the name you type here displays in the left panel; the default name is Run Synopsys Detect for your build.
  3. Run Detect For The Following Products: Select one of the following options:
    1. All products: For all products, specify:
      1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
      2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
      3. Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
    2. Black Duck Only: Runs only on Black Duck.  Complete the following.
      1. Black Duck Service Endpoint (required)  Select an existing connection, or click +New to add a connection.
      2. Black Duck Proxy Service Endpoint (optional) Select an existing proxy, or click +New to add a proxy.
    3. Polaris Only: Runs only on Polaris.  Complete the following.
      1. Polaris Service Endpoint (required) Select an existing Polaris connection, or click +New to add a Polaris connection.
  4. Manage: Selecting Manage launches the Azure DevOps Service connections page, where you can further refine or add a service connection.  Manage is available for:
    1. Black Duck Service Endpoint.
    2. Black Duck Proxy Service Endpoint.
    3. Polaris Service Endpoint.
  5. Detect Version: Version of the Detect binary to use. The default value is latest.  Synopsys recommends using the latest, but here you can specify a version override if desired.
  6. Detect Arguments: Here you can include additional Detectarguments; Detect picks up your build environment variables and your project variables. Use a new line or space to separate multiple arguments. Use double quotes to escape. You can use environment and build variables.  For more information on Detect arguments, refer to Synopsys Detect Properties.
  7. Detect Folder: The location to download the Detect jar or the location of an existing Detect jar. The default is the system temp directory.  To specify a different directory, type the directory path and name in the field.
  8. Add Detect Task Summary: Click this checkbox to add a summary of the Detect task to the build summary task.

Running the task

After you have configured your task, you can run it as follows.

  • In Azure DevOps, click Queue, and your task is executed on the next available build agent.
  • If your task configuration is incomplete, a red status message of Some settings need your attention displays below Run Synopsys Detect for your build.  Missing required settings display in red in the Synopsys Detect panel.

Release Notes

Version 2.0.0

New features

  • Added support for Polaris.

...

  • Product renamed to Synopsys Detect for Azure DevOps.
Version 1.1.0

Changed features

  • The service endpoint configuration is now optional.
  • Added support for using an API token for user authentication.
Version 1.0.4

Changed features

  • Improved proxy support and handling of supplied proxy arguments.

...

  • Resolved an issue that could result in an Access denied error.
Version 1.0.3
  • Resolved an issue involving the SSL issue casting protocol.
Version 1.0.0
  • First release of product.

...